Job Description

Location: Springfield or Boston, MA

Type: Hybrid (3 days onsite per week)

Job Description:  The SaaS Governance role focuses on developing and enforcing policies, controls, and metrics for SaaS application usage across the enterprise. This includes inventory, risk classification, vendor management, access governance, usage compliance, and alignment with corporate security and privacy policies.

Key Responsibilities

Develop and maintain SaaS governance framework, policies, standards, and control objectives.
Oversee implementation and tuning of SaaS Security tools.
Drive automation of SaaS onboarding, offboarding, and continuous monitoring workflows.
Maintain centralized inventory of SaaS applications (shadow IT + sanctioned).
Lead periodic SaaS risk assessments and security reviews.
Ensure SaaS vendor compliance with contractual obligations (e.g., DPAs, SLAs).
Work with procurement and legal to vet new SaaS apps and renewals.
Define metrics and dashboards to track governance posture and exceptions.
Enable federated governance model via policy-as-code or delegation models.
Advocate for secure SaaS adoption with business stakeholders.
Coordinate audits and collaborate with compliance teams on data protection requirements.
Provide security education and guidance to application owners and end-users.
Support and respond to incident response efforts related to SaaS data breaches or misconfigurations.

Skills: .
Required Skills

5 - 8 years of experience in cybersecurity with 2+ years focused on SaaS or cloud security.
Strong understanding of SaaS risk, regulatory, and compliance issues.
Ability to collaborate across IT, legal, security, and procurement functions.
Experience with SaaS inventory/discovery tools (e.g., Netskope, Wing, BetterCloud).
Familiarity with SaaS governance frameworks (e.g., NIST, CSA, CIS).
Excellent policy writing, communication, and stakeholder engagement skills.


Preferred Skills

Experience building or maintaining SaaS Governance Risk and Compliance (GRC) dashboards.
Understanding of SaaS license management and shadow IT discovery.
Knowledge of AI governance in SaaS tools with LLM integration.
Familiarity with data classification and retention policies across SaaS tools.

Education: Bachelor s degree in computer science, Cybersecurity, or related field - or equivalent experience.

Relevant Certifications
Required:

Certified Information Security Manager (CISM)
Certified Information Privacy Professional (CIPP/US or CIPP/E)

Preferred:

Certified in Governance of Enterprise IT (CGEIT)
CCSP or CCSK (Cloud Security Alliance)
SaaS Governance Professional (vendor-specific, if available)